Other Sites

9to5Linux

Mesa 24.3 Open-Source Graphics Stack Adds Vulkan 1.3 Conformance for V3DV

Coming more than three months after Mesa 24.2, the Mesa 24.3 release is here to introduce Vulkan 1.3 conformance for the V3DV graphics driver for Raspberry Pi 4 and Raspberry Pi 5 devices, which should give the Raspberry Pi OS distribution a serious graphics boost the next time you update it. In addition, the V3DV driver received support for the VK_KHR_shader_relaxed_extended_instruction Vulkan extension.

LinuxGizmos.com

invisCAM A Compact 2MP Camera for Low Light and Low Power Applications

This month, Arducam introduced the invisCAM, a compact imaging solution that integrates advanced functionality and precise engineering within a small form factor. The camera is designed to address the challenges of achieving high-quality imaging, functional versatility, and cost efficiency in a portable USB device.

Coin-sized ESP32-H2-WROOM-07 RISC-V Module with BLE, Thread, and Zigbee Support for $2.13

The ESP32-H2-WROOM-07 is a compact module featuring a RISC-V single-core 32-bit microprocessor and support for Bluetooth Low Energy. It can be configured with up to 4 MB of flash memory and is designed for applications such as smart home systems, industrial automation, and consumer electronics.

Pine64 Unveils PineCam with RISC-V SG2000 SoC and 2MP Camera

The Pine64 November update introduces the PineCam, a successor to the PineCube IP camera. With a redesigned structure and enhanced features, the PineCam is aimed at applications like monitoring, video streaming, and hardware experimentation.

RED-BEET 2.0: Advanced Powerline Communication for E-Mobility Applications

The RED-BEET 2.0 by 8Devices is a compact powerline communication module built on the Qualcomm QCA7006AQ PLC chip, supporting SPI, Ethernet, HomePlug GreenPHY, and HomePlug AV standards. Its small size, industrial temperature tolerance, and automotive-grade certification are designed for integration into e-mobility and automotive applications.

Security Leftovers

posted by Roy Schestowitz on Oct 11, 2022

Security updates for Tuesday [LWN.net]

Security updates have been issued by Debian (connman, dbus, git, isc-dhcp, strongswan, and wordpress), Fedora (rubygem-pdfkit and seamonkey), Red Hat (gnutls, nettle, rh-ruby27-ruby, and rh-ruby30-ruby), SUSE (libgsasl, python, and snakeyaml), and Ubuntu (graphite2, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-raspi, linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux-hwe, linux-oracle, openssh, and pcre3).
Living off the Cloud. Cloudy with a Chance of Exfiltration | Pen Test Partners [Ed: Microsoft TCO; the company is not compatible with the notion of security, but it's a "market leader" in NSA back doors.]

Unless default settings are changed, typical Office 365 (O365) licences come loaded with various services that are all usable by end users without special permissions. Power Automate can be used maliciously by compromised users or insider threats to systematically capture and exfiltrate data without having to contend with network safeguards.

[...]

Power Automate is an O365 service that is included with common place such as Office 365 E1, E3 and E5 that are commonly used by organisations. Power Automate can also be used with a free licence suitably named “Microsoft Power Automate Free”. Both versions come with plenty of capabilities, known as connectors. This service is a visual scripting service that allows users to automate different activities and duties to streamline processes.

The below image demonstrates the visual layout of this service, which allows you to create flows (cloud-hosted scripts) with all the typical scripting concepts such as loops, if statements, declaring variables, etc. The below example flow generates a spreadsheet with trending documents for everyone in the target group. Please note that you can only see shared documents.
Imperceptible and blackbox-undetectable backdoors in compiled neural networks

Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them. These defences work by inspecting the training data, the model, or the integrity of the training procedure. In this work, we show that backdoors can be added during compilation, circumventing any safeguards in the data preparation and model training stages. As an illustration, the attacker can insert weight-based backdoors during the hardware compilation step that will not be detected by any training or data-preparation process. Next, we demonstrate that some backdoors, such as ImpNet, can only be reliably detected at the stage where they are inserted and removing them anywhere else presents a significant challenge. We conclude that machine-learning model security requires assurance of provenance along the entire technical pipeline, including the data, model architecture, compiler, and hardware specification.
ML models must also think about trusting trust | Light Blue Touchpaper

Our latest paper demonstrates how a Trojan or backdoor can be inserted into a machine-learning model by the compiler. In his Turing Award lecture, Ken Thompson explained how this could be done to an operating system, and in previous work we’d shown you you can subvert a model by manipulating the order in which training data are presented. Could these ideas be combined?
Cybersecurity Awareness: 4 Steps to Improve Your Security Online

According to CISA, this initiative is focused on the “people part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job, at home or at school.”
Tachyum Runs Native Security-Enhanced Linux to Ensure Protection of Critical Infrastructure
Tachyum Runs Native Security-Enhanced Linux to Ensure Protection of Critical Infrastructure

Tachyum™ today announced that Prodigy, the world’s first universal processor, successfully runs Security-Enhanced Linux (SELinux), the security architecture for Linux systems that allows administrators to have more control over who can access a system. This latest success of Tachyum’s software team helps satisfy customer requirements in many of its key markets.
XSAs released on 2022-10-11 | Qubes OS

The Xen Project has released one or more Xen Security Advisories (XSAs). The security of Qubes OS is not affected. Therefore, no user action is required.

Other Recent Tux Machines' Posts

Canonical/Ubuntu Leftovers: security and commercial bits
Blender 4.3 Open-Source 3D Graphics App Introduces Experimental Vulkan Backend: The Blender Foundation announced today the release and general availability of Blender 4.3 as a major update to this powerful, free, cross-platform, and open-source 3D graphics and modeling software.
PINE64’s New Smart Camera Runs Linux: Pine64 shared some information about new products and updates in its latest community announcement
Media Unable to Tell the Difference Between Proprietary VMware and "Linux": FUD tactics
FreeCAD 1.0 Open-Source 3D Parametric Modeler Released, Here’s What’s New: FreeCAD 1.0 has been released today as a major milestone for this open-source, free, and cross-platform parametric 3D computer-aided design (CAD) modeler software for GNU/Linux, macOS, and Windows systems.
Today in Techrights: Some of the latest articles
mesa 24.3.0: This release has seen the continuing trend of OpenGL work slowing down
Linux Code of Conduct Board and CoC Supremacy Over Code/Function: CoC strikes
Android Leftovers: Android finally getting ability to restore credentials in phone move
ReiserFS Reaches Its Final Chapter: Linux kernel 6.13 says goodbye to ReiserFS
Stable kernels: Linux 6.12.1, Linux 6.11.10, Linux 6.6.63, and Linux 6.1.119: All users of the 6.12 kernel series must upgrade
Cybershow News Autumn 2024: The sad reality is that beyond SE-Linux and Apparmor Free and Open Source offerings for effective application whitelisting is still quite thin on the ground and difficult to use. We need some better UX around that.
Khronos Group takes over cross-platform Slang shading language from NVIDIA: Interesting industry news here for you, especially for developers
Programming Leftovers: Development picks
Security and Windows TCO Leftovers: news about patches and incidents
today's howtos: many howtos for now
IBM and Red Hat Leftovers: IBM stuff and mostly RedHat.com
Android Leftovers: Android will soon instantly log you in to your apps on new devices
Proxmox VE 8.3 Released with Enhanced Features: Proxmox Virtual Environment 8.3 is here with faster backups, SDN-firewall integration, webhook notifications, and improved hypervisor migration
Anti-Cheat: A Thorny Problem For Linux Gamers: The anti-cheat situation on Linux is getting worse. Let's see what you can do about it
Rhino Linux: The Unique Distro That Combines Ubuntu and Rolling Releases Needs Your Support!: The ambitious project is now asking for help. Let's try helping them
Huion Kamvas Pro 19 - review on GNU/Linux: This blog post here is a list of my installation method, scripts and tweaks to install the device under a GNU/Linux operating system
Free and Open Source Software, howtos and Installations: This is free and open source software
How RHEL and Fedora Shape Red Hat’s Linux Offerings: Not all Linux distributions provide platforms for enterprise and non-business adopters
Games: Dungeon Clawler, Steam Deck, and More: Latest from GamingOnLinux
Security Leftovers: Security related picks
Distributions and Operating Systems: Kali Linux, BSD, SUSE, and More: BSD and GNU/Linux leftovers
OSI Openwashing (Funded by Microsoft) and Free, Libre, and Open Source Software Leftovers: Some FOSS and fake FOSS picks
POSETTE and PGConf.dev 2025 Preparations (Postgres Events): Postgres news
Programming Leftovers: Development related news picks
Open Hardware/Modding: Arduino, Raspberry Pi, ESP32, and More: some devices and more
Red Hat / CentOS / IBM / Oracle Linux / Alma Leftovers: RHEL camp and IBM
Games: Proton Experimental and Bug in CS2: a pair of gaming picks
today's howtos: long batch for Friday
Today in Techrights: Some of the latest articles
Rocky Linux 9.5 Released, Here’s What’s New: Rocky Linux 9.5 is now available for download, packed with updates like Podman 5.0, GCC 11.5, Node.js 22, and more
11 Reasons Why You Should Switch from Windows to Linux: Here are a number of reasons why you should consider GNU/Linux as your next operating system
libtool-2.5.4 released: The Libtool Team is pleased to announce the release of libtool 2.5.4
Mesa 24.3 Open-Source Graphics Stack Adds Vulkan 1.3 Conformance for V3DV: The Mesa 24.3 open-source graphics stack for Linux-based operating systems has been officially released as the third major update in the Mesa 24.x series.
Why I Ditched Linux for Samsung DeX: Canonical pursued convergence with the Ubuntu Phone, an effort to make a phone that was also a PC
MYiR Tech MYC-LR3576 Rockchip RK3576 LGA SoM offers 6 TOPS NPU and 8K video support for AIoT applications: MYiR Tech’s Rockchip RK3576 SoM also supports Linux 6.1 and Debian 12 along with software resources like kernel and driver source code
SolidRun unveils HummingBoard i.MX8M IIOT SBC and the IIOT-200-8M Gateway for Edge AI and industrial IoT applications: In terms of software support the company mentions that the SBC supports Yocto and Debian BSPs, with drivers for peripherals like TPM 2.0, RTC, Wi-Fi, Bluetooth, and various I/O interfaces
Android Leftovers: 10 Features You No Longer Need to Root Your Android Phone For
Linux, HowTos, Fedora, and Debian 13: today's leftovers
Ubuntu? That’s a Bullfinch, Not an Oriole: Here’s something lighthearted for you—unless you’re pedantic about ornithology
Ubuntu 25.04 (Plucky Puffin) Daily Build ISOs Are Now Available for Download: Now that Canonical officially opened the development of Ubuntu 25.04 (Plucky Puffin), it has published the first daily build ISO images for early adopters, application developers, and general public testing.
Windows TCO and Microsoft Imprisonment of Developers: Microsoft as a risk
Tools and Emulators: Linux is an excellent platform for retro gaming
Best Free and Open Source Software, howtos and Installations: Many of these desktop clients are a complete solution as they include a server
Slimbook Executive, long-term report 6: Let me define deja-vu for you. In my fourth Slimbook Titan article
Thelio Astra Native ARM64 Platform with 128 Core Ampere Altra CPU 512GB ECC RAM and 40TB Storage: System76 indicates that the Thelio Astra runs Ubuntu 22.04 LTS and 24.04 LTS
Upgrade to Freedom! The Switch from Windows 10: This looming transition sets the stage for Linux communities to embrace the Upgrade to Freedom
Leap Micro 6.1 Alpha is now available. Get ready for Leap Micro 5.5 End of Life: Leap Micro 6.1 Alpha images can be found at get.opensuse.org
Games: GamingOnLinux's Latest 10: articles from GamingOnLinux
today's leftovers: with GNU/Linux focus
Programming Leftovers: Programming stuff, some Python
Security Leftovers: Security related stories and some FUD, too
today's howtos: first batch of today
AlmaLinux OS 9.5 Is Here as a Free Alternative to Red Hat Enterprise Linux 9.5: The AlmaLinux OS Foundation announced today the release and general availability of AlmaLinux OS 9.5 (codename Teal Serval), as the latest stable version of this free Red Hat Enterprise Linux (RHEL) fork.
Red Hat Helping Microsoft's Attack on Linux and Privacy: among other things
Linux Foundation Openwashing Foundations: Fake openness as a product
EasyOS Scarthgap and Daedalus 6.4.4 releases: Bringing both of these to the same version number
Announcing Incus 6.7: The Incus team is pleased to announce the release of Incus 6.7
Back In Time back from the dead: Back In Time is a GPL-2.0-licensed backup tool based on rsync and written in Python
Today in Techrights: Some of the latest articles

Tux Machines

Other Sites

Security Leftovers

Living off the Cloud. Cloudy with a Chance of Exfiltration | Pen Test Partners [Ed: Microsoft TCO; the company is not compatible with the notion of security, but it's a "market leader" in NSA back doors.]

Other Recent Tux Machines' Posts